← All articles

Anthropic Project Glasswing: What CISOs Need to Know About Claude Mythos for Vulnerability Finding (2026)

By Asaf Katz · June 30, 2026

QUICK ANSWER

Anthropic launched Project Glasswing in June 2026, giving six top organizations -- AWS, Apple, Cisco, Google, JPMorgan Chase, and Microsoft -- early access to Claude Mythos Preview to find and fix critical software vulnerabilities. This is the most significant AI-security program launched in 2026 and signals exactly where CISOs should be paying attention.

What Is Anthropic Project Glasswing?

Anthropic launched Project Glasswing in June 2026 as a controlled, invitation-only program giving select organizations early access to Claude Mythos Preview -- Anthropic's unreleased frontier model -- specifically for cybersecurity vulnerability discovery.

The six founding participants are AWS, Apple, Cisco, Google, JPMorgan Chase, and Microsoft. Each receives controlled API access to Claude Mythos Preview to run against their codebases, infrastructure, and software supply chains to surface critical vulnerabilities before they can be exploited.

Why This Matters for CISOs in 2026

Cybersecurity buying committees have expanded to an average of eight stakeholders in 2026 -- executives, finance, IT, operations -- all with different definitions of risk and value. The cost and complexity of evaluating new security vendors is higher than ever.

Project Glasswing signals two things CISOs need to internalize:

1. AI is now a serious defensive security tool. Claude Mythos Preview's 1-million-token context window can ingest entire codebases, network configurations, and compliance documentation simultaneously -- the capability gap prior models could not bridge for serious security review.

2. Access to frontier AI for security will be tiered. The same week Anthropic's Claude Fable 5 was suspended under US export controls, Glasswing participants retained controlled access to Mythos Preview. Regulatory frameworks are settling into use-case-specific access, and cybersecurity is an approved lane.

How AI-Assisted Vulnerability Finding Works at Scale

The Glasswing organizations are reportedly using Claude Mythos Preview to:

These tasks previously required multiple specialized scanning tools plus human security engineers spending hours to days per audit cycle. With a 1M-token context window, a single model can hold the entire scope in view simultaneously.

What This Means for Cybersecurity Vendors Selling to CISOs

If you sell security tools to CISOs and are not leading with an AI-forward narrative in your outreach, you are behind the conversation your buyers are already having.

Project Glasswing is publicly visible. CISOs at companies outside the Glasswing six are watching what AWS, Cisco, and Google are doing with Claude Mythos and asking their vendors the same questions.

The challenge for cybersecurity vendors is that CISOs are deluged with outreach -- cold email reply rates for security are at record lows in 2026. The highest-converting pipeline channel for CISO meetings is still expert-led events focused on their current threat priorities.

At LinkedOtter, we placed 38 C-level attendees at RSA from 1,266 targeted prospects with an invite focused on identity security -- a topic directly relevant to what CISOs are being pressured on. That is the motion that still cuts through.

The Regulatory Signal: AI Access Is Being Calibrated by Use Case

The juxtaposition of Fable 5's suspension and Glasswing's continuation in the same week is significant. US regulators are not banning AI -- they are segmenting access. Broad public use of frontier models faces export controls. Controlled use for high-value security research is permitted.

For CISOs evaluating AI vendor claims, this is important context. Not all AI access is equal. Ask your vendors what model tier they have access to and whether that access is subject to regulatory conditions.

Key Takeaways for CISOs

Frequently asked questions

What is Anthropic Project Glasswing?

Project Glasswing is Anthropic's controlled program giving six select organizations -- AWS, Apple, Cisco, Google, JPMorgan Chase, and Microsoft -- early access to Claude Mythos Preview specifically for finding and fixing critical software vulnerabilities.

Which organizations are in Project Glasswing?

The six founding participants are AWS, Apple, Cisco, Google, JPMorgan Chase, and Microsoft. Anthropic has not announced additional participants or a public access timeline for Claude Mythos Preview.

How does Claude Mythos help find software vulnerabilities?

Claude Mythos Preview's 1-million-token context window allows it to ingest entire codebases simultaneously, identify logic flaws in auth code, surface hardcoded credentials, flag vulnerable dependencies, and cross-reference against CVE databases -- all in a single analysis pass.

Is Claude Mythos Preview publicly available?

No. Claude Mythos Preview is only available to Project Glasswing participants. Claude Fable 5 was publicly launched June 9, 2026 but suspended June 12 under US export controls. Claude Opus 4.8 is the highest publicly available Claude model.

What does Project Glasswing mean for cybersecurity vendors?

It signals that CISOs are actively evaluating AI-augmented security operations. Vendors with credible AI-forward security narratives will find a more receptive audience. Those without will struggle to differentiate from the noise.

How do you get meetings with CISOs in 2026 given low cold email reply rates?

Expert-led live events focused on current CISO priorities -- identity security, AI-assisted defense, supply chain vulnerabilities -- outperform cold email significantly. LinkedOtter placed 38 C-level attendees at RSA from 1,266 targeted prospects using this approach.

Related

Take the free 60-second check